msiexec.exe in taskmanager

Lately I have had "Windows XP Installer Standard for Students and Teachers" popping up each time I open an Internet Explorer window or even just be on the net; it's obviously a fake program. I noticed that the process "msiexec.exe" pops up in the Task Manager when the installer comes up.

I ran HijackThis, Norton 2004 (53 items detected that Ad-Aware didn't find), and Ad-Aware, and none of them got rid of this spyware. I forgot to run CWShredder, but when I did... it removed "CWS.Bootconf" and the problem no longer exists. But I'm still convinced I have some spyware on my computer. I get random popups that start out as redirecting addresses that then pop up dating sites, eBay, etc. Also I have that res://random.dll thing. Here is my log, take a look-see for anything out of the ordinary; obviously the res://random.dll is present....

Bump. CWShredder actually removed something else; the Office Installer still remains. I just updated Ad-Aware to the new reference file as well, and it detected a crap-load of stuff; still the res://random.dll and Office Installer remain. Yarh! I understand that you guys are busy and I'm doing my best to try and figure out how to remove this too...

The following lines I have no clue about, except PowerDVD, which is support for the PowerDVD remote control; if you use it, leave it. (O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe) If not, I guess you can take it out, though it probably won't help your current problem.

O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe

With all the recent HijackThis logs and such, it's gotten increasingly hard to find what a certain file does using Google, so I'm sorry I cannot help too much. However, it's probably a good idea to get rid of that trojan first, as it seems to be the easiest problem to solve. Also, not sure what drive E is on your comp (local hard drive, or optical drive), but a setup file running all the time at startup sounds suspicious.

I have just finished a two-day bout at my work (student PC tech) trying to fix someone's computer with a similar problem. What I noticed was that in the Event Log of Windows (if you've got Windows XP, right-click MY COMPUTER-->Manage, and Event Viewer is there) under Application events, every time the Installer launched it was looking for HandWritingFiles, which if I remember correctly is part of Microsoft Office, and another file. For someone else on the internet, it was ctfmon.exe; for me it was kbd**.dll (forget the rest), both of which are Windows XP system files.

I tried doing the following things, in order:

1. Repair Office (crash after looking for Windows XP CD to restore system files, even though I put in the right CD)
2. Ran System File Checker (command prompt--> sfc /purgecache, then sfc /scannow). Same error with the incorrect WinXP CD, even though I had the right one.
3. Reinstall Office went further than repair, but ended up with the same error.
4. Repair (basically, reinstall) Windows XP Pro. Had some odd Entry Point not Found error during installation finalization, about something not being found in wpad.dll. Had to press OK about 50+ times, no kidding. After Windows XP reinstalled, I must note that the Windows XP Installer messages when opening Internet Explorer went away. But the Office XP messages stayed.

For you others reading this, what basically happens for the lot of us with this problem is that every time you open IE or any Microsoft Office app (and/or Project and Visio), three windows pop up.

1. One saying it's going to install some Windows component/file
2. Then after that it needs the XP CD because it (the comp) realizes there's system file corruption/changes
3. A last one for Office XP.

As far as I can guess, the second is looking for some Windows system file which got moved; in the two cases I've seen, they were ctfmon and some kbd*.dll. The third is the MS Office HandWritingFiles bit, which is some component rather than a file. The guy with the ctfmon.exe problem found all he had to do was move ctfmon.exe into the place the installer was saying it was looking for it (but couldn't find it), and everything got better. I did not have such luck, as my kbd file was already there.

Since this was a company I was working for, I couldn't afford to spend so much time on one problem, so I ended up re-formatting and re-installing windows to save time. Thank god that worked. Made sure not to save any settings.

I sure hope someone figures this out. Anyhow, here's all the info I gathered:

1. The installer info as posted in previous post.
2. There would be gigantic memory leaks/hang-ups/something. msiexec and svchost would be at 40+ MB of physical RAM usage, along with explorer sometimes. (When trying to reinstall stuff, or doing two things at once after opening and initiating the installer mess.)
3. It was also infected with the blasted CWS sp.html hack. The one that doesn't go away no matter how many times you delete the actual HTML file or reg entries from HijackThis. Though that wasn't the root of the problem with the installers.
4. Windows reinstall hung up during the second-to-last stage (right before Finalizing Installation), and during the last bit of the installation. (The Entry Point not found error.)

Basically, I am guessing whatever this is screwed over the system files bad.

I am so glad the worst that's ever happened to my computer was some crap that made me delete all the registry entries for my programs like a system restore would, making me reinstall everything. Thank GOD. If you need any help, or if you ever figure this problem out, don't hesitate to contact me via email, at helli[DARN$PAM]ax@gmail.com
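
The Application-log check described in the post above, as an added example that is not part of the original thread. It assumes a Windows version with PowerShell's Get-WinEvent (Vista or later; on the poster's XP machine the same records are read in Event Viewer) and uses MsiInstaller event IDs 1001 and 1004, which Windows Installer logs when a feature or component check fails and a repair starts. The seven-day window and the variable names are choices made for this example.

```powershell
# Added example: summarize which feature/resource Windows Installer
# keeps trying to repair, from the Application event log.
$since = (Get-Date).AddDays(-7)   # assumption: look back one week

# MsiInstaller 1001 / 1004 = failed feature or component detection
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 1001, 1004
    StartTime    = $since
} -ErrorAction SilentlyContinue

# 1004 text: Detection of product '{..}', feature 'X', component '{..}' failed.
#            The resource 'path' does not exist.
# 1001 text: Detection of product '{..}', feature 'X' failed during request ...
$pattern = "product '(?<product>[^']*)', feature '(?<feature>[^']*)'" +
           "(?:, component '(?<component>[^']*)' failed\.\s+" +
           "The resource '(?<resource>[^']*)')?"

$rows = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Id       = $e.Id
            Product  = $Matches['product']    # product code GUID
            Feature  = $Matches['feature']    # e.g. the Office feature name
            Resource = $Matches['resource']   # missing file/key (1004 only)
        }
    }
}

if (-not $rows) {
    Write-Output 'No MsiInstaller self-repair events in the selected window.'
} else {
    # Most frequent repair targets first: these are the files or features
    # the installer pop-ups are being launched to restore.
    $rows | Group-Object Feature, Resource |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

A resource that appears in every burst of events is the file or registry key to inspect first, since its absence or modification is what keeps re-triggering the installer.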

I ended up just deleting the msiexec.exe file from the System32 folder, then realized it's actually needed for InstallShield Wizard to work to install things. Even though I deleted it, the window would still pop up real quick then go away; I wouldn't have to click cancel a bunch of times.

Once I figured out that that file was needed to install things, I got a copy from a friend and I put it back, and the problem persists.

I made a backup of the msiexec.exe file in case I need to install something that uses the InstallShield Wizard, but even though I deleted the file out of the System32 folder, when I start Internet Explorer I can still see the program trying to run, but it disappears so quick it's hard to notice. The virus/malware is still there but can't work without the file.